MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 335d8ed00053696daafe3bf49972b52e1db2588c913d6de0e14e6fcd158d90c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 335d8ed00053696daafe3bf49972b52e1db2588c913d6de0e14e6fcd158d90c5
SHA3-384 hash: 9e714d2054dc76b8cb54cce9f3f15bd0ea2896e880a710b467ea7825869785dc9828782253906c769c50314c538a7568
SHA1 hash: b1d7cd0f6c4c80d2e32b88035758b29c16de7809
MD5 hash: bf58f1f5ba38586457ad1af57125701d
humanhash: island-venus-harry-saturn
File name:bf58f1f5ba38586457ad1af57125701d.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:110'592 bytes
First seen:2020-06-03 13:32:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash aca906023b701271c373606653081b49 (1 x GuLoader)
ssdeep 1536:beSPfxV40iZk5QmizCkgrKHxLdGKc+o0FDHdZ1gIvdEoxJbcqi/U2nH:b3PXim3vKVdhjFD9zR/2n
Threatray 963 similar samples on MalwareBazaar
TLSH 3FB37B07EC4C8A53D1444BBD3D279EB93B0CA80D49409FEFB2396E9BAE316511CA711E
Reporter abuse_ch
Tags:exe GuLoader


Avatar
abuse_ch
GuLoader payload URL:
https://www.mediafire.com/file/qkoi5l6tdrrpdrj/origin_LDvkBATqX165.bin/file

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/6329/
Detection(s):
Win.Dropper.NetWire-7996875-0
Create hunting rule

Win.Malware.Razy-7997182-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 14:02:05 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gnoy5uaaknuw3kx6hp2js4vvfyo3ewemse6w3yhbjzx42fmnsdcq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
2f99de0c12f67f877e1944d5bc6f889ff9013fb7e902b91260f4bdc952959d7e
GuLoader
3e3529db8cde73fcdb792f6414ebe6fb9a6ec5ba5cf5f503376a795387b2020e
GuLoader
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
GuLoader
7d110a4f6f206b5fb49742150bdbd7ffc43b29a5b2fa32424ef32aa20c4696f8
GuLoader
87f0608e17f3f39e988ac186a431366e1de35968b89943a03f6681e23ab5b684
GuLoader
883f3aee2a5fbc449a9f67c9a35dbbf74ddb22e5e9e8a08c9671407bcf5c781f
GuLoader
97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3
GuLoader
ca1db184290b274c1f78b091bf019926fa258dd8b1f5bb316a55832aec970338
GuLoader
d571629d266c5354146cdfe698d79c88c33e598aa6c8d9a0587662c6b5421ed2
GuLoader
f4a522f673e38bf75d61a8c1c53dc48b36be2c37986259cd8ef7b605fd6716ca
GuLoader
+ 953 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-f3yfv935ws/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
URLhaus
https://urlhaus.abuse.ch/url/376035/
Cape
Cape
https://www.capesandbox.com/analysis/6329/

Comments